WordPress Admin, Brute force password attacks

If you have a WordPress Website/blog (and why wouldn’t you), you need to read this 🙂 For the past few weeks our web server has been falling over and we’re having to keep rebooting the server. A thorough check of the error and visitor logs has shown that we are getting bombarded with attempts to log in to the WordPress Admin and these log in attempts are coming from several IP addresses at the same time. We are recording the IP addresses and none of them are valid/authorised to log in. We have surmised that these attempts to log in are “Brute Force” attempts to crack the WP_Admin password. Once an attacker has gained your password for WP_Admin, they can do all sorts of mischief and even compromise your Web Site without you really noticing. On doing a thorough trawl of the Web, it seems that “Brute force” attacks are on the rise and all would seem to emanate from “compromised” PCs/Web servers.

What can you do? Well, there isn’t anything you can do to prevent these attacks from morons but you can reduce the likelihood of being compromised by:-

1. Changing your WP Admin password, do it now! Make it at least 15 characters, using alphanumeric and special characters.

2. Make sure WordPress and all plugins are up-to-date.

3. Change your WP_Admin password every month.

4. Check your error and visitor logs frequently, look for suspicious activity.

5. Use an online website checker like http://sitecheck.sucuri.net/; this will check your site for malware and outdated software.
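For step 4, a log check can be scripted. The following is an added example, not part of the original post: it counts POST requests to the login page per IP address in a sliding window and reports the minute with the most distinct login sources, which is the "several IP addresses at the same time" pattern described above. It assumes the Apache/Nginx combined log format and the standard `/wp-login.php` login path; the thresholds and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed format: combined log, ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3} ')
LOGIN_PATH = "/wp-login.php"  # WordPress login form target

def login_posts(lines):
    """Yield (ip, timestamp) for every POST to the WordPress login page."""
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["method"] == "POST" and m["path"].split("?", 1)[0] == LOGIN_PATH:
            yield m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

def suspicious_ips(lines, max_attempts=5, window=timedelta(minutes=1)):
    """Return {ip: peak count} for IPs exceeding max_attempts POSTs in any window."""
    by_ip = defaultdict(list)
    for ip, ts in login_posts(lines):
        by_ip[ip].append(ts)
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak > max_attempts:
            flagged[ip] = peak
    return flagged

def busiest_minute(lines):
    """Return (minute, sorted source IPs) for the minute with the most distinct login sources."""
    per_minute = defaultdict(set)
    for ip, ts in login_posts(lines):
        per_minute[ts.replace(second=0)].add(ip)
    minute = max(per_minute, key=lambda m: len(per_minute[m]), default=None)
    return minute, sorted(per_minute[minute]) if minute else []

# Constructed sample log lines (documentation-range addresses), not from a real server.
_FMT = '{ip} - - [12/Mar/2013:10:{m:02d}:{s:02d} +0000] "{req} HTTP/1.1" 200 3456 "-" "Mozilla/5.0"'
SAMPLE = (
    [_FMT.format(ip="203.0.113.7", m=0, s=s, req="POST /wp-login.php") for s in range(0, 40, 5)]
    + [_FMT.format(ip="198.51.100.23", m=0, s=s, req="POST /wp-login.php") for s in range(2, 20, 3)]
    + [_FMT.format(ip="192.0.2.10", m=0, s=30, req="POST /wp-login.php"), _FMT.format(ip="192.0.2.10", m=5, s=0, req="GET /wp-login.php")]
)

if __name__ == "__main__":
    print(suspicious_ips(SAMPLE), busiest_minute(SAMPLE))
```

A per-IP threshold alone misses an attack spread thinly across many addresses, so the distinct-sources-per-minute figure is worth watching alongside it.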

It’s a jungle out there, stay alert and keep safe 🙂